
366577 matches found


CVE-2026-13504

CVE-2026-13504 affects code-projects Project Management System 1.0, specifically the /mail.php Mail Compose Page. The vulnerability is a cross-site scripting flaw in unknown code paths within that file, exploitable remotely and with user interaction required. The description notes public disclosu...

CVSS 5.1, AI score 4, Exploits 0, References 6

CVE-2026-13503

CVE-2026-13503 affects antlr ANTLR4 up to 4.13.2. The vulnerability resides in the function getImportedVocabFile of tokenVocab Grammar Option Handler, specifically in TokenVocabParser.java, enabling a path traversal vulnerability. It can be exploited remotely and the exploit is public. The vendor...

CVSS 6.9, AI score 5.7, Exploits 0, References 5

CVE-2026-13502

The CVE-2026-13502 entry concerns antlr ANTLR4 up to 4.13.2. It affects the function ObjectInputStream.readObject in the antlr4-maven-plugin’s GrammarDependencies.java, indicating a time-of-check time-of-use issue. The attack is restricted to local execution and requires a high degree of complexi...

CVSS 4.5, AI score 5.2, Exploits 0, References 5

CVE-2026-13501

The vulnerability CVE-2026-13501 affects ANTLR4 (up to 4.13.2), specifically the GoTarget component within the gofmt tool in GoTarget.java. The issue is a local command-injection exploit caused by manipulation of the GoTarget codegen path. Public disclosure exists, and no vendor response is repor...

CVSS 5.3, AI score 5.6, Exploits 0, References 5

CVE-2026-13500

The CVE-2026-13500 issue affects antlr ANTLR4 up to 4.13.2, specifically the Grammar Action Block Handler’s OutputFile.java in the tool. The underlying problem is a manipulation of OutputFile.java that can cause code injection. The vulnerability is described as exploitable remotely, with a public...

CVSS 7.5, AI score 6.8, Exploits 0, References 5

CVE-2026-13499

CVE-2026-13499 concerns a cross-site scripting flaw in the yashpokharna2555 restaurent-management-system, affecting the Registration Handler’s login_register.php. Manipulating the Username argument enables an XSS condition, with remote initiation possible. The exploit has been publicly released; ...

CVSS 5.3, AI score 4.4, Exploits 0, References 6

CVE-2026-13498

The CVE concerns yashpokharna2555 restaurant-management-system. It identifies a vulnerability in an unknown function within /forgotpassword.php (POST Parameter Handler) where manipulating the email parameter leads to SQL injection. The issue can be exploited remotely and publicly available exploi...

CVSS 7.5, AI score 6.9, Exploits 0, References 6

CVE-2026-13497

The CVE-2026-13497 entry concerns itsourcecode Hospital Management System 1.0. The vulnerability resides in an unknown function of /appointment.php where manipulating the editid parameter triggers an SQL injection. This can be exploited remotely and has publicly disclosed exploit material (exploi...

CVSS 6.5, AI score 6.5, Exploits 0, References 6

CVE-2026-13496

CVE-2026-13496 affects itsourcecode Hospital Management System 1.0. The vulnerability is a SQL injection in the /ajaxmedicine.php file, triggered by manipulating the medicineid parameter. This can be exploited remotely, and public exploit code exists. The exact vulnerable function within ajaxmedi...

CVSS 6.5, AI score 6.5, Exploits 0, References 6

CVE-2026-13495

The CVE-2026-13495 entry affects itsourcecode Hospital Management System 1.0, with a vulnerability in /adminprofile.php where the loginid parameter is susceptible to SQL injection. The issue can be exploited remotely, and the exploit has been disclosed publicly. No remediation details are provide...

CVSS 5.8, AI score 5.7, Exploits 0, References 6

CVE-2026-13493

Technical details are not publicly available in the provided documents. Monitor for updates on affected components, remediation status, and any vendor advisories.

CVSS 3.1, AI score 5.1, Exploits 0, References 7

CVE-2026-13491

The CVE-2026-13491 entry concerns 78 xiaozhi-esp32 (up to version 2.2.6) and identifies a vulnerability in the MQTT Goodbye Handler. The issue lies in Application::GetInstance within main/protocols/mqtt_protocol.cc, where manipulating the session_id argument can trigger a denial of service. The a...

CVSS 6.3, AI score 5, Exploits 0, References 8

CVE-2026-13490

The CVE concerns glpi-project glpi versions 11.0.5/11.0.6/11.0.7. It affects the Document Handler, specifically Document::canViewFile in front/document.send.php. Manipulating the docid argument can bypass authorization, enabling a remote attack. The description notes high complexity and that expl...

CVSS 6.3, AI score 5.4, Exploits 0, References 4

CVE-2026-13489

The CVE-2026-13489 entry describes a vulnerability in 78 xiaozhi-esp32

CVSS 3.1, AI score 5.1, Exploits 0, References 7

CVE-2026-13488

SourceCodester Class and Exam Timetabling System 1.0/7.php is affected. The vulnerability is an SQL injection in the /preview7.php file triggered by manipulating the course_year_section parameter, allowing remote exploitation. Public exploit code exists. The CVSS information indicates a network, ...

CVSS 7.5, AI score 6.9, Exploits 0, References 6

CVE-2026-13487

CVE-2026-13487 affects SourceCodester Class and Exam Timetabling System 1.0. The vulnerability is an SQL injection in an unknown function of /archive.php caused by manipulation of the sy argument. It can be exploited remotely, and public exploit code is available. The CVSS-derived metrics indicat...

CVSS 7.5, AI score 7, Exploits 0, References 6

CVE-2026-13486

SourceCodester Class and Exam Timetabling System 1.0/6.php contains a SQL injection vulnerability in the /preview6.php endpoint, triggered by manipulating the course_year_section parameter. Exploitation can be performed remotely, and public disclosure of the exploit is noted across CVE records (C...

CVSS 7.5, AI score 7, Exploits 0, References 6

CVE-2026-13485

SourceCodester Class and Exam Timetabling System 1.0 has a SQL injection vulnerability in the /preview.php file, triggered by manipulating the course_year_section argument in an unknown function. The flaw can be exploited remotely and an exploit has been made public. The CVE entry indicates netwo...

CVSS 7.5, AI score 6.9, Exploits 0, References 6

CVE-2026-13484

Technical details about CVE-2026-13484 are not publicly available in the provided documents. Please monitor for updates from official advisories; no affected products, vulnerable components, or fixes are specified here.

CVSS 5, AI score 5.2, Exploits 0, References 7

CVE-2026-13483

The CVE affects arc53 DocsGPT (up to 0.18.0). The vulnerability lies in the Credential Storage component, specifically the encrypt_credentials function in application/security/encryption.py, causing insufficient verification of data authenticity. Exploitation is possible remotely with high attack...

CVSS 3.1, AI score 4.9, Exploits 0, References 7

CVE-2026-13482

CVE-2026-13482 affects skypilot-org/skypilot

CVSS 6.3, AI score 5.2, Exploits 0, References 6

CVE-2026-10593

The CVE affects Zephyr’s Bluetooth LE Audio BAP unicast client. In unicast_client_ep_qos_state(), the handler writes attacker-controlled QoS fields via stream->qos with only a stream != NULL guard. stream->qos is NULL for streams codec-configured but not yet added to a unicast group, creating a win...

CVSS 6.5, AI score 5.8, Exploits 0, References 2

CVE-2026-10646

Zephyr's BSD-sockets getaddrinfo() (subsys/net/lib/sockets/getaddrinfo.c) has a use-after-return risk from a stack-allocated ai_state being kept as user_data during a DNS resolver retry. If a semaphore wait times out and the code retries without cancelling the previous query or resetting the sema...

CVSS 7.4, AI score 5.8, Exploits 0, References 2

CVE-2026-10644

The CVE describes an out-of-bounds write in Microchip SERCOM-G1 UART driver (drivers/serial/uart_mchp_sercom_g1.c) used by the PIC32CM-JH family. When uart_rx_enable() is called with a one-byte receive buffer (len == 1) and CONFIG_UART_MCHP_ASYNC is enabled, the RX-complete ISR starts a single-be...

CVSS 4.2, AI score 6, Exploits 0, References 2

CVE-2026-58058

CVE-2026-58058: Nmap up to 7.99 is affected by an integer underflow in IPv6 extension-header parsing (ipv6_get_data_primitive in libnetutil/netutil.cc). A crafted or truncated IPv6 extension header returned by a scanned target or on-path attacker can cause the remaining-length to underflow to a ...

CVSS 6.9, AI score 5.9, Exploits 0, References 4

CVE-2026-58057

Flowise before 3.1.3 is affected: a case-sensitive denylist for Custom MCP stdio environment variables allows bypass on Windows (case-insensitive env names). An authenticated user who can configure a Custom MCP node can inject NODE_OPTIONS --require to execute arbitrary code in the Flowise server...

CVSS 5, AI score 6.1, Exploits 0, References 3

CVE-2026-58056

RustDesk is affected by a session-authorization scope bypass in FileTransfer sessions. The root cause is gating incoming control messages on per-capability flags rather than the session’s authorized connection type; a peer with only valid FileTransfer authorization can inject keyboard/mouse input...

CVSS 7.6, AI score 5.8, Exploits 0, References 2

CVE-2026-58055

nghttp2 nghttpx (up to version 1.69.0) is affected. The proxy forwards an HTTP/1.1 Upgrade request that also carries a Content-Length header and body to reusable keep-alive backend connections, re-adding Upgrade and Connection headers while passing Content-Length verbatim. This creates an ambiguo...

CVSS 6.3, AI score 5.8, Exploits 0, References 3

CVE-2026-58054

MyBB 1.8.40 is affected: the limited Admin Control Panel user management can assign the Administrators group (gid 4) because verify_usergroup() unconditionally returns true. This enables escalation from delegated user-management to full Administrator permissions. The issue comes from the user mod...

CVSS 8.6, AI score 5.8, Exploits 0, References 2

CVE-2026-58053

Gitea act_runner (Docker backend) up to act 0.262.0 is vulnerable: the workflow.container.options are merged into the Docker job container HostConfig, and if privileged is set to false, only the Privileged flag is disabled while options such as --pid=host, --cap-add, and --security-opt remain. A ...

CVSS 9.9, AI score 5.8, Exploits 0, References 2

CVE-2026-58052

Technical details are not publicly available in the provided documents; monitor for updates.

CVSS 4.8, AI score 5.8, Exploits 0, References 3

CVE-2026-58051

CVE-2026-58051 affects libssh2 up to version 1.11.1. The vulnerability arises because libssh2 grows its publickey list using SSH2_REALLOC but does not zero-initialize the newly allocated entries before parsing populates them. If parsing fails and the code path cleans up, libssh2_publickey_list_fr...

CVSS 8.3, AI score 5.8, Exploits 0, References 3

CVE-2026-58050

CVE-2026-58050 affects libssh2 up to 1.11.1. The publickey subsystem reads an attacker-controlled 32-bit attribute count and uses it in the allocation num_attrs * sizeof(libssh2_publickey_attribute) without bounds checking. On 32-bit platforms, this multiplication can overflow, producing an under...

CVSS 8.3, AI score 6, Exploits 0, References 3

CVE-2026-58049

CVE-2026-58049 concerns FFmpeg’s RASC video decoder (decode_dlta in libavcodec/rasc.c). The issue arises when the code performs 32-bit reads/writes at the row cursor before the NEXT_LINE boundary check and validates the DLTA region in pixels rather than bytes. On PAL8 frames, this enables a DLTA ...

CVSS 8.8, AI score 5.8, Exploits 0, References 3

CVE-2026-53511

OpenSUSE Tumbleweed users should update calibre to calibre-9.10.0-1.1, as listed in openSUSE-SU-2026:11130-1. The bulletin indicates a CVE-2026-53511-related vulnerability fixed by this package update; it does not provide the technical root cause details in the connected document.

Exploits 0

CVE-2026-8095

CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...

CVSS 8.1, AI score 5.8, Exploits 0, References 3

CVE-2026-10643

Zephyr CVE-2026-10643 affects the IP socket recvmsg() ancillary-data path (insert_pktinfo in subsys/net/lib/sockets/sockets_inet.c). A check only compared msg_controllen to pktinfo_len, omitting the cmsg header size, allowing an under-checked window (e.g., 16–27 bytes for IPv4 IP_PKTINFO on a 64‑...

CVSS 8.7, AI score 6, Exploits 0, References 1

CVE-2026-49416

The CVE-2026-49416 issue affects FreeBSD vt(4) CONS_HISTORY ioctl. The bug occurs when a large history size is requested, causing an integer overflow in the buffer size calculation and resulting in a heap allocation smaller than needed; subsequent initialization writes beyond the allocation, enab...

AI score 6, EPSS 0.00182, Exploits 0, References 1

CVE-2026-49414

The CVE-2026-49414 issue affects FreeBSD: the ELF image activator clears per-process ASLR flags for setuid binaries after PIE base address calculation, leaving a user-requested ASLR disable in effect when the base address is chosen. An unprivileged local user can disable ASLR for a setuid PIE bin...

AI score 5.8, EPSS 0.00182, Exploits 0, References 1

CVE-2026-49413

CVE-2026-49413 describes a flaw in FreeBSD’s Linuxulator: during execve for setuid/setgid Linux binaries, the P_SUGID flag is not yet set, causing AT_SECURE to be 0 in the ELF auxiliary vector. This missetting enables an unprivileged local user to inject a shared library via LD_PRELOAD into a set...

AI score 5.8, EPSS 0.00141, Exploits 1, References 1

CVE-2026-49412

The CVE (CVE-2026-49412) affects FreeBSD’s kernel IPv6 multicast source filter (IPV6_MSFILTER) handling. The issue is a use-after-free: the handler releases a serializing lock to copy the source-filter list from userspace and later reacquires it; during the window a competing thread can free the ...

AI score 5.8, EPSS 0.00133, Exploits 0, References 1

CVE-2026-45259

The CVE-2026-45259 issue affects FreeBSD Capsicum: in capability mode, sigqueue(2) remained permitted despite Capsicum, because kern_sigqueue lacks a capability-mode check to restrict signal delivery to the caller’s own PID. This lets a sandboxed process signal other processes it could normally s...

AI score 5.7, EPSS 0.0014, Exploits 0, References 1

CVE-2026-45258

CVE-2026-45258 arises from an overflow in dsp_mmap_single() when validating an mmap() request in the FreeBSD sound(4) mmap path. The sum of user-supplied offset and length could overflow, letting a large mapping pass the check, and the offset could be narrowed from 64 to 32 bits when converted to...

AI score 6, EPSS 0.0019, Exploits 0, References 1

CVE-2026-49417

CVE-2026-49417 is part of multiple vulnerabilities in FreeBSD's sound(4) mmap path. The FreeBSD advisories describe two memory-safety errors: (1) dsp_mmap_single() could overflow when validating mapping offset+length, allowing a mapping that extends past the audio buffer; (2) the audio buffer bac...

AI score 5.9, EPSS 0.00187, Exploits 0, References 1

CVE-2026-12399

The Gutenverse WordPress plugin (Blocks, Page Builder & Site Editor) is affected by a Stored Cross-Site Scripting vulnerability up to version 3.8.0. The issue arises from insufficient input sanitization and output escaping in admin settings, allowing authenticated users with editor-level permissi...

CVSS 4.4, AI score 5.9, EPSS 0.00246, Exploits 0, References 12

CVE-2026-12432

The CVE affects the WP Full Stripe Free plugin for WordPress, up to version 8.4.3. The vulnerability is in the wpfs_update_failed_payment_status AJAX action, where the handler is registered via wp_ajax_ and wp_ajax_nopriv_ hooks and the underlying update_failed_payment_status() function performs ...

CVSS 5.3, AI score 5.6, EPSS 0.00323, Exploits 1, References 10

CVE-2026-3462

CVE-2026-3462 affects the Frisbii Pay plugin for WordPress (all versions up to 1.8.9). The vulnerability arises from missing capability checks on upload_csv and process_batch, enabling authenticated attackers with Subscriber-level access or higher to modify data by uploading arbitrary CSVs and ov...

CVSS 6.5, AI score 5.9, EPSS 0.00276, Exploits 1, References 5

CVE-2026-13295

The CVE-2026-13295 entry concerns the Page Builder by SiteOrigin WordPress plugin. A stored XSS vulnerability affects all versions up to 2.34.3, caused by insufficient input sanitization and output escaping of the panels_data parameter. Authenticated users with Contributor-level access and above ...

CVSS 6.4, AI score 6, EPSS 0.00241, Exploits 0, References 10

CVE-2026-11597

The CVE concerns the WordPress plugin “Surbma | Infusionsoft Shortcode” for versions up to 2.0.1. It enables Stored Cross-Site Scripting via the infusionsoft-form shortcode by unsafely handling user-supplied account and id attributes in surbma_infusionsoft_shortcode_shortcode(), which are concate...

CVSS 6.4, AI score 5.9, EPSS 0.00193, Exploits 0, References 5

CVE-2026-12471

The CVE concerns the Spexo WordPress theme. A missing capability check in the activate_plugin function affects all versions up to and including 2.0.11, allowing authenticated attackers with Subscriber-level access and above to activate a limited set of plugins. The information from connected docu...

CVSS 4.3, AI score 5.8, EPSS 0.00196, Exploits 0, References 4

Total number of security vulnerabilities: 366577